Overview Getting Started Python SDK TypeScript SDK OrgKernel Mission Store Changelog Examples Status Community Docs ↗
Getting Started Guide

Integrate OrgKernel
into your platform.

Install the library, wire identity, execution tokens, and the audit chain against your own database, then verify tamper-proof integrity end to end.

Prerequisites

OrgKernel is a Python library you embed in your application. You run it against your database and process — there is no separate hosted service or API key for the library itself.

System requirements: Python 3.10+ (3.12 recommended). Any operating system. A database: PostgreSQL 18.1+, MySQL, or SQLite. Optional: FastAPI if you want the built-in HTTP router.

Step 1 — Install the SDK

# pip
pip install orgkernel
# or with a specific database driver
pip install orgkernel[postgres]   # postgresql+asyncpg
pip install orgkernel[mysql]      # aiomysql
pip install orgkernel[sqlite]     # aiosqlite
# verify installation
python -c "import orgkernel; print(orgkernel.__version__)"
Note: OrgKernel is a library, not a hosted service. No API key authentication is required. You need to connect to your own database.

Step 2 — Integrate the trust layer

OrgKernel provides three core building blocks that you can embed into your platform as needed:

  • AgentIdentity → Issue cryptographic identities for each AI agent
  • ExecutionToken → Validate scope permissions before every external call
  • AuditChain → Record all operations with tamper-proof integrity

A complete lifecycle example for a Mission:

# ── 1. Issue an agent identity ─────────────────────────────────
from orgkernel.services import AgentIdentityService, ExecutionTokenService, AuditChainService
from orgkernel.schemas import AgentIdentityCSR, ExecutionTokenCreate, ScopeCheckRequest, AuditLayer

identity_svc = AgentIdentityService(db)
csr = AgentIdentityCSR(
    agent_name="compliance-agent",
    org_id="acme-corp",
    requested_ou="legal/compliance",
    public_key="<agent-ed25519-public-key-base64url>",
    purpose="policy-audit",
)
result = await identity_svc.issue_from_csr(csr)
# Store result.certificate + result.private_key_pem — NEVER sent back to server

# ── 2. Mint an execution token ─────────────────────────────────
token_svc = ExecutionTokenService(db)
token = await token_svc.mint(
    ExecutionTokenCreate(
        agent_id=result.identity.agent_id,
        mission_id="msn_audit01",
        execution_scope=["doc_reader", "email_sender"],
        expires_at=datetime.now(timezone.utc) + timedelta(hours=24),
    )
)

# ── 3. Enforce scope on every tool call ────────────────────────
check = await token_svc.check_scope(
    ScopeCheckRequest(token_id=token.token_id, tool_name="doc_reader", params={"doc_id": "POL-001"})
)
# check.passed → True

# ── 4. Append to audit chain ─────────────────────────────────────
audit_svc = AuditChainService()
chain_id = await audit_svc.initialize(db, mission_id="msn_audit01", agent_id=result.identity.agent_id)
await audit_svc.append(
    db,
    chain_id=chain_id,
    layer=AuditLayer.EXECUTION,
    event="EXECUTION_tool_call",
    agent_id=result.identity.agent_id,
    mission_id="msn_audit01",
    data={"tool": "doc_reader", "doc_id": "POL-001", "result": "success"},
    token_id=token.token_id,
)

# ── 5. Verify audit chain integrity ────────────────────────────
valid = await audit_svc.verify_integrity(db, chain_id)
# → True — all SHA-256 hashes valid, no tampering detected

Step 3 — Observe the trust lifecycle

OrgKernel does not provide a hosted runtime. Here are two key integration points where you can add observability:

Tool Gateway intercepts every external call
    → ExecutionToken scope check (ALLOWED / BLOCKED)
    → AuditChain appends entry with SHA-256 prev_hash
    → ScopeCheckResponse.passed + entry.entry_hash returned

Org authority revokes or suspends an agent
    → AgentIdentity.status changes (ACTIVE → SUSPENDED / REVOKED)
    → New tool calls blocked immediately
    → AuditChain appends IDENTITY revocation entry

Step 4 — Verify the audit trail

Load the chain for a mission, verify cryptographic integrity, and inspect each recorded action.

# Get the completed audit chain
chain = await audit_svc.get_by_mission(db, mission_id="msn_audit01")

# Verify integrity — recompute all SHA-256 hashes
valid = await audit_svc.verify_integrity(db, chain.chain_id)
# → True (all entries link correctly)

# Inspect every recorded action
for entry in chain.entries:
    print(f"[{entry.layer}] {entry.event}: tool={entry.data.get('tool')} → {entry.data.get('result')}")
# [IDENTITY] IDENTITY_agent_created
# [EXECUTION] EXECUTION_tool_call: tool=doc_reader → success

Step 5 — Publish to the Mission Registry

On the Metaprise platform, publish a MissionPackage so enterprises can discover and run it. You'll earn a share of execution fees.

from metaprise import MissionDefinition, MissionPackage, MissionRegistry

mission = MissionDefinition(
    objective = "Reconcile outstanding invoices for Q1 2026",
    tools     = ["accounting_api", "contract_db", "email"],
    authority = "finance_team",
    timeout   = 3600,
)

package = MissionPackage(
    name        = "invoice_reconciliation",
    version     = "1.0.0",
    definition  = mission,
    description = "Reconcile invoices against contracts",
    tags        = ["finance", "reconciliation"],
    royalty_pct = 25
)

registry = MissionRegistry(org_id="acme-corp")
registry.publish(package)
# → Published invoice_reconciliation@1.0.0

Next steps

You've installed OrgKernel, integrated the trust layer, verified audit integrity, and seen how Mission publishing works on Metaprise. Here's where to go next:

  • Python SDK Reference — Complete API documentation for the Python SDK
  • Mission Registry — Learn about versioning, forking, and the royalty chain
  • OrgKernel — Integrate enterprise trust into your existing agents
  • Examples & Tutorials — Compliance review, multi-agent workflows, and more
  • Developer Economy — Understand the revenue share model and how to maximize earnings